Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2493-1)
high Nessus Plugin ID 202563
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2493-1 advisory.The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
- CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
- CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
- CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229)
- CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
- CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
- CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
- CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
- CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
- CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
- CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
- CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
- CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1215420
https://bugzilla.suse.com/1220833
https://bugzilla.suse.com/1221656
https://bugzilla.suse.com/1221659
https://bugzilla.suse.com/1222005
https://bugzilla.suse.com/1222792
https://bugzilla.suse.com/1223021
https://bugzilla.suse.com/1223188
https://bugzilla.suse.com/1224622
https://bugzilla.suse.com/1224627
https://bugzilla.suse.com/1224647
https://bugzilla.suse.com/1224683
https://bugzilla.suse.com/1224686
https://bugzilla.suse.com/1224743
https://bugzilla.suse.com/1224965
https://bugzilla.suse.com/1225229
https://bugzilla.suse.com/1225357
https://bugzilla.suse.com/1225431
https://bugzilla.suse.com/1225478
https://bugzilla.suse.com/1225505
https://bugzilla.suse.com/1225530
https://bugzilla.suse.com/1225532
https://bugzilla.suse.com/1225569
https://bugzilla.suse.com/1225593
https://bugzilla.suse.com/1225835
https://bugzilla.suse.com/1226757
https://bugzilla.suse.com/1226861
https://bugzilla.suse.com/1226994
https://bugzilla.suse.com/1227407
https://bugzilla.suse.com/1227435
https://bugzilla.suse.com/1227487
https://lists.suse.com/pipermail/sle-updates/2024-July/036017.html
https://www.suse.com/security/cve/CVE-2021-47145
https://www.suse.com/security/cve/CVE-2021-47201
https://www.suse.com/security/cve/CVE-2021-47275
https://www.suse.com/security/cve/CVE-2021-47438
https://www.suse.com/security/cve/CVE-2021-47498
https://www.suse.com/security/cve/CVE-2021-47520
https://www.suse.com/security/cve/CVE-2021-47547
https://www.suse.com/security/cve/CVE-2023-4244
https://www.suse.com/security/cve/CVE-2023-52507
https://www.suse.com/security/cve/CVE-2023-52683
https://www.suse.com/security/cve/CVE-2023-52693
https://www.suse.com/security/cve/CVE-2023-52753
https://www.suse.com/security/cve/CVE-2023-52817
https://www.suse.com/security/cve/CVE-2023-52818
https://www.suse.com/security/cve/CVE-2023-52819
https://www.suse.com/security/cve/CVE-2024-26635
https://www.suse.com/security/cve/CVE-2024-26636
https://www.suse.com/security/cve/CVE-2024-26880
https://www.suse.com/security/cve/CVE-2024-35805
https://www.suse.com/security/cve/CVE-2024-35819
https://www.suse.com/security/cve/CVE-2024-35828
https://www.suse.com/security/cve/CVE-2024-35947
https://www.suse.com/security/cve/CVE-2024-36014
https://www.suse.com/security/cve/CVE-2024-36941
https://www.suse.com/security/cve/CVE-2024-38598
https://www.suse.com/security/cve/CVE-2024-38619
Plugin Details
Severity: High
ID: 202563
File Name: suse_SU-2024-2493-1.nasl
Version: 1.2
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/17/2024
Updated: 8/28/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2021-47520
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/16/2024
Vulnerability Publication Date: 9/6/2023
Reference Information
CVE: CVE-2021-47145, CVE-2021-47201, CVE-2021-47275, CVE-2021-47438, CVE-2021-47498, CVE-2021-47520, CVE-2021-47547, CVE-2023-4244, CVE-2023-52507, CVE-2023-52683, CVE-2023-52693, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2024-26635, CVE-2024-26636, CVE-2024-26880, CVE-2024-35805, CVE-2024-35819, CVE-2024-35828, CVE-2024-35947, CVE-2024-36014, CVE-2024-36941, CVE-2024-38598, CVE-2024-38619, CVE-2024-39301, CVE-2024-39475
SuSE: SUSE-SU-2024:2493-1